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APPARATUS FOR PREVENTING COMPUTER PROGRAM SUPPLIED 
THROUGH NETWORKS OR COMMUNICATION CHANNELS OR THE 
LIKE FROM UNAUTHORISED USE AND METHOD THEREFOR 

FIELD OF THE INVENTION 

The present invention relates to protection of 
commercial computer programs supplied through networks or 
communication channels and particularly, to protection &t 
such commercial computer programs against unauthorised use. 

BACKGROUND OF THE PRESENT INVENTION 

Computer programs available in the market are typically 
stored in floppy disks or the like, which although intended 
to be used by the one who buys it only, admits of an 
unlimited number of times of copying and the number of 
actual users can be very large. At present, there is no way 
to well protect this proprietary rights of the software 
suppliers . 

And also, existing softwares selling systems consists 
of dealers and agents which should be undesirable because it 
increases softwares selling price. 

Therefore, it is an object of the present invention to 
provide apparatus and method to enable computer programs to 
be sold to user directly through networks or communication 
channels and to prevent unauthorised use of. such computer 
programs . ' / 



SUMMARY OF THE INVENTION 



According to one aspect of the present invention, there 
is provided in a computer a means for performing a 
predetermined algorithm on data supplied thereto from a 
running program, and supplying the result thus obtained to 
the running program, for the purpose of authenicating the 
identity of the computer by the running program. 

According to another aspect of the present invention, 
there is provided a method for supplying computer programs 
to computers inwhich comprising the steps of 

DETAILED DESCRIPTION OF THE PRESENT INVENTION 



According to the present invention, there is provided 
a computer with a part thereof for performing a 
predetermined algorithm on data supplied thereto from a 
running program, and supplying the result thus obtained to 
the running program. The part T may be in the form of a 
module, insertion card or the like and comprising a 
processing means 1 which may be a microprocessor operating 
independent of the computer or in other words, the computer 
and the part each has a respective processing means; and a 
ROM 2 or the like for storing the algorithm. 

Desirably, processing means 1 and the ROM 2 should be 
incorporated in a single IC and contained in a tamper- 
resistant housing so that data in the ROM 2 cannot be 



accessed directly and can be safeguarded by the processing 
means . 

Alternatively, part T may well be in the form of a 
authenication program AA stored in the harddisk or the like 
of the computer, of which details wil be described later. 

When a program running on the computer is to determine 
whether the computer is the one it is intended, for eg., by 
its proprietor, to run, a part of it say, subprogram A, 
generates a random number and sends it to part T. In the 
case part T is in module form, the random number is sent to 
the processing means 1 by writing to an input port thereof. 
In the case part T is an authenication program AA, it will 
be caused to be executed by subprogram A and the random 
number will be used as input parameter. Part T, in response 
thereto, performs a predetermined algorithm say, AAA, on 
said random number, and put the result thus obtained in an 
output port thereof for to be received by subprogram A. 
Subprogram A may 1) performs an identical algorithm on the 
random number to see if it gets the same result, or 2) 
performs a reverse algorithm on the result to get the random 
number back. In both cases, if it is failed, subprogram A 
will know that the computer is not the one it intended to 
run and causes at least a part of the program to function 
abnormally . 

According to another aspect of the present invention, 
there is provided a method for supplying computer programs 
to computers and a source computer which contains a storage 



of the computer programs 3 each includes a subprogram A, as 
described hereinabove, with the authenication algorithm 
therein missing and a storage of computer identities and 
authenication algorithms corresponding respective thereto 4 
; and is capable of communicating with the computer through 
a communication link, for eg., a telephone network. 

When it is desired that a particular program is to be 
received,, by a user computer, from the source computer, the 
computer will sends a request C which includes identifying 
information D for identifying the computer program to be 
received and an identity E of its own, through the 
communication link to the source computer. The source 
computer, in response thereto, generates a random number and 
sends it to the user computer. Then the user computer will, 
under control of its operating system, transfer the random 
number to part T which will perform a predetermined 
algorithm AAA on that random number and the result thus 
obtained will be supplied by the user computer to the source 
computer . 

The source computer may 1) performs an authenication 
algorithm stored in storage 4 and corresponds to the 
identity E received, on the random number to see if it gets 
the same result, or 2) performs a reverse algorithm on the 
result to get the random number back. If the result is 
favourable, then the identity. E is being authenicated and 
program can be supplied. 

It should be noted that the result from part T can also 



be treated as an user authorisation command for authorizing 
a payment to be transferred from an user account to the 
program proprietor or the like. 

In the aforegoing, the same authenicat ion algorithm AAA 
is being used by the source computer as well as the program 
to be supplied to authenicate the computer identity of a 
particular user computer. This has an advantage that it is 
more economic and computer user has to take responsibility 
to prevent the authenicat ion program AA or program(s) being 
supplied from the source computer from being copied, 
otherwise someone else may get know of the authenicat ion 
algorithm therein and may use his account. 

In case 2 separate algorithms is desirable for to be 
used by the source computer and those programs supplied 
respectively, then part T should be in module form or both 
algorithms should be incorporated in a same program and be 
indistinguishable . 

Then, the source computer incorporates the 
authenication algorithm AAA which corresponding to the 
computer identity received and which retrieved from storage 
4, into the program identified by the identifying 
information and which retrieved from storage 3 . Then sends 
the program to the computer. 

It should be noted that each of the authenication 
algorithms in storage 4 may be in the form of a subprogram 
and may be divided into segments each incorporated into a 
predetermined part of the program to be received and each 



interconnected by a JUMP instruction or the like, so that it 
may not be identitied from other program data easily. 

In addition, each authenication algorithm may desirably 
consist a plurality of sub-algorithms each use one or more 
than one parameters and the source computer can generate a 
great number of algorithms on its own by generating random 
numbers as those parameters and randomly arranged the 
sequence of sub-algorithms in different orders. 



